Replaced default apache2 html directory

lava / dockermail

Ready-to-use email server + (optional) web mail + (optional) caldav, carddav and a kitchen sink in a docker container

MIT License

301 stars 59 forks source link

Replaced default apache2 html directory #3

Closed floffel closed 10 years ago

floffel commented 10 years ago

Rainloop is in /var/www not /var/www/html

floffel commented 10 years ago

Alternativly, clone rainloop into /var/www/html, not /var/www/ Hopefully this helps...

lava commented 10 years ago

Weird, I remember index.php copying everything into /var/www/html when it was first called...that must have changed between 1.6.1 and 1.6.9. Exposing all of /var/www feels a bit risky from a security perspective, though, so I've created my own fix that copies the necessary files manually. Thanks for the report!

floffel commented 10 years ago

Is there any reason, why you don't clone it into /var/www/html?

Like changing this line: https://github.com/lava/dockermail/blob/master/rainloop/Dockerfile#L5 to

RUN git clone -b 1.6.9 --depth 1 https://github.com/RainLoop/rainloop-webmail.git /var/www/html

lava commented 10 years ago

By cloning into /var/www/html, the entire source directory becomes accessible from outside, i.e. you can access mail.example.org/.gitignore etc. I'm not really familiar enough with the rainloop source code to say how big of a security risk this is, but having a separate /var/www/html directory feels a bit cleaner to me.